CINXE.COM

SecurityManagement - Debian Wiki

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="shortcut icon" href="/htdocs/favicon.ico"> <script type="text/javascript" src="/htdocs/bugstatus.js"></script> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"> <meta name="robots" content="noindex,nofollow"> <title>SecurityManagement - Debian Wiki</title> <script type="text/javascript" src="/htdocs/common/js/common.js"></script> <script type="text/javascript"> <!-- var search_hint = "Search"; //--> </script> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debwiki/css/common.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="screen" href="/htdocs/debwiki/css/screen.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="print" href="/htdocs/debwiki/css/print.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="projection" href="/htdocs/debwiki/css/projection.css"> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debian-wiki-1.0.css"> <!-- css only for MS IE6/IE7 browsers --> <!--[if lt IE 8]> <link rel="stylesheet" type="text/css" charset="utf-8" media="all" href="/htdocs/debwiki/css/msie.css"> <![endif]--> <link rel="alternate" title="Debian Wiki: SecurityManagement" href="/SecurityManagement?diffs=1&amp;show_att=1&amp;action=rss_rc&amp;unique=0&amp;page=SecurityManagement&amp;ddiffs=1" type="application/rss+xml"> <link rel="Start" href="/FrontPage"> <link rel="Alternate" title="Wiki Markup" href="/SecurityManagement?action=raw"> <link rel="Alternate" media="print" title="Print View" href="/SecurityManagement?action=print"> <link rel="Search" href="/FindPage"> <link rel="Index" href="/TitleIndex"> <link rel="Glossary" href="/WordIndex"> <link rel="Help" href="/HelpOnFormatting"> </head> <body lang="en" dir="ltr"> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="header"> <div id="wikisection"> <p class="section"><a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a></p> <div id="username"><a href="/SecurityManagement?action=login" id="login" rel="nofollow">Login</a></div> </div> <div id="navbar"> <ul id="navibar"> <li class="wikilink"><a href="/FrontPage">FrontPage</a></li><li class="wikilink"><a href="/RecentChanges">RecentChanges</a></li><li class="wikilink"><a href="/FindPage">FindPage</a></li><li class="wikilink"><a href="/HelpContents">HelpContents</a></li><li class="current"><a href="/SecurityManagement">SecurityManagement</a></li> </ul> </div> <form id="searchform" method="get" action="/SecurityManagement"> <div> <input type="hidden" name="action" value="fullsearch"> <input type="hidden" name="context" value="180"> <label for="searchinput">Search:</label> <input id="searchinput" type="text" name="value" value="" size="20" onfocus="searchFocus(this)" onblur="searchBlur(this)" onkeyup="searchChange(this)" onchange="searchChange(this)" alt="Search"> <input id="titlesearch" name="titlesearch" type="submit" value="Titles" alt="Search Titles"> <input id="fullsearch" name="fullsearch" type="submit" value="Text" alt="Search Full Text"> </div> </form> <script type="text/javascript"> <!--// Initialize search form var f = document.getElementById('searchform'); f.getElementsByTagName('label')[0].style.display = 'none'; var e = document.getElementById('searchinput'); searchChange(e); searchBlur(e); //--> </script> <div id="logo"><a href="https://www.debian.org" title="Debian Homepage"><img src="https://www.debian.org/Pics/openlogo-50.png" alt="Debian" width="50" height="61"></a></div> <div id="breadcrumbs"><a href="/FrontPage" title="Debian Wiki Homepage">Wiki</a><span class="sep">/</span> </div> <ul class="editbar"><li><a href="/SecurityManagement?action=login" id="login-1" rel="nofollow">Login</a></li><li class="toggleCommentsButton" style="display:none;"><a href="#" class="nbcomment" onClick="toggleComments();return false;">Comments</a></li><li><a class="nbinfo" href="/SecurityManagement?action=info" rel="nofollow">Info</a></li><li><a class="nbattachments" href="/SecurityManagement?action=AttachFile" rel="nofollow">Attachments</a></li><li> <form class="actionsmenu" method="GET" action="/SecurityManagement"> <div> <label>More Actions:</label> <select name="action" onchange="if ((this.selectedIndex != 0) && (this.options[this.selectedIndex].disabled == false)) { this.form.submit(); } this.selectedIndex = 0;"> <option value="raw">Raw Text</option> <option value="print">Print View</option> <option value="RenderAsDocbook">Render as Docbook</option> <option value="show" disabled class="disabled">Delete Cache</option> <option value="show" disabled class="disabled">------------------------</option> <option value="SpellCheck">Check Spelling</option> <option value="LikePages">Like Pages</option> <option value="LocalSiteMap">Local Site Map</option> <option value="show" disabled class="disabled">------------------------</option> <option value="RenamePage" disabled class="disabled">Rename Page</option> <option value="DeletePage" disabled class="disabled">Delete Page</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Subscribe User</option> <option value="show" disabled class="disabled">------------------------</option> <option value="show" disabled class="disabled">Remove Spam</option> <option value="show" disabled class="disabled">Revert to this revision</option> <option value="PackagePages">Package Pages</option> <option value="show" disabled class="disabled">------------------------</option> <option value="Load">Load</option> <option value="Save">Save</option> <option value="SlideShow">SlideShow</option> </select> <input type="submit" value="Do"> </div> <script type="text/javascript"> <!--// Init menu actionsMenuInit('More Actions:'); //--> </script> </form> </li></ul> <h1 id="locationline"> <ul id="pagelocation"> <li><a href="/SecurityManagement">SecurityManagement</a></li> </ul> </h1> </div> <div id="page" lang="en" dir="ltr"> <div dir="ltr" id="content" lang="en"><span class="anchor" id="top"></span> <span class="anchor" id="line-1"></span><span class="anchor" id="line-2"></span><span class="anchor" id="line-3"></span><span class="anchor" id="line-4"></span><span class="anchor" id="line-5"></span><p class="line867"><small><a href="/DebianWiki/EditorGuide#translation">Translation(s)</a>: <a href="/SecurityManagement">English</a> - <a href="/de/SecurityManagement">German</a> - <a href="/fr/SecurityManagement">Fran莽ais</a> - <a href="/it/SecurityManagement">Italiano</a> </small> <span class="anchor" id="line-6"></span><span class="anchor" id="line-7"></span><span class="anchor" id="line-8"></span><p class="line867"><img alt="Portal/IDB/icon-wiki-portal.png" class="attachment" src="/Portal/IDB?action=AttachFile&amp;do=get&amp;target=icon-wiki-portal.png" title="Portal/IDB/icon-wiki-portal.png" /> <span class="anchor" id="line-9"></span><span class="anchor" id="line-10"></span><p class="line867"><a href="/FrontPage">Debian Wiki</a> Security portal - This portal covers various aspects of securing Debian GNU/Linux systems. <span class="anchor" id="line-11"></span><span class="anchor" id="line-12"></span><p class="line867"><span class="anchor" id="line-13"></span><span class="anchor" id="line-14"></span><span class="anchor" id="line-15"></span><div class="debian"><span class="anchor" id="line-1-1"></span><p class="line867"><a class="https" href="https://www.debian.org/doc/user-manuals#securing">https://www.debian.org/doc/user-manuals#securing</a> - <em>Securing Debian</em> Manual <br> <span class="anchor" id="line-2-1"></span><a class="https" href="https://www.debian.org/security/">https://www.debian.org/security/</a> - Information about Debian Security </div><span class="anchor" id="line-16"></span><span class="anchor" id="line-17"></span><ul><li style="list-style-type:none"><p class="line891"><strong><a class="interwiki" href="https://en.wikipedia.org/wiki/Computer_security" title="WikiPedia">Computer security</a></strong>, cybersecurity or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. The field is becoming more important due to increased reliance on computer systems, the Internet, wireless networks, the growth of &quot;smart&quot;/&quot;Internet of things&quot; devices. <span class="anchor" id="line-18"></span><span class="anchor" id="line-19"></span></li></ul><p class="line874">Some common principles of computer security include: <span class="anchor" id="line-20"></span><span class="anchor" id="line-21"></span><p class="line867"><span class="anchor" id="line-22"></span><span class="anchor" id="line-23"></span><ul><li><p class="line891"><a class="interwiki" href="https://en.wikipedia.org/wiki/Threat_model" title="WikiPedia">Threat models</a>: Some will only want to prevent access to their computer/account when leaving it a few minutes to make coffee - this is simply dealt with (installing a screen locker). Some may want to stop sophisticated gangs from breaking into their systems - this requires a whole shift in thinking so that everything you do has security in mind. <span class="anchor" id="line-24"></span></li><li><p class="line891"><a class="interwiki" href="https://en.wikipedia.org/wiki/Defense_in_depth_%28computing%29" title="WikiPedia">Defense in depth</a>: building <a class="interwiki" href="https://en.wikipedia.org/wiki/Layered_security" title="WikiPedia">layer upon layer</a> of security measures - hence not only relying on one layer of security, but many different measures which would all have to be circumvented in order to compromise the system. <span class="anchor" id="line-25"></span></li><li><p class="line862">A <em>weakest link</em> is any component in a system, that will cause the whole security strategy to fail if defeated. <span class="anchor" id="line-26"></span></li><li><p class="line891"><em>Security is a process, not a product</em>: just buying or setting up a technology solution will not provide you security on its own - security is an ongoing technological and human process. <span class="anchor" id="line-27"></span><span class="anchor" id="line-28"></span></li></ul><p class="line867"><hr /><p class="line874"> <span class="anchor" id="line-29"></span><span class="anchor" id="line-30"></span><p class="line862">The <strong><a class="https" href="https://www.debian.org/doc/user-manuals#securing">Securing Debian manual</a></strong> describes security in Debian, securing and hardening the default Debian GNU/Linux installation, common tasks to set up a secure network environment, and additional information on available security tools. <span class="anchor" id="line-31"></span><span class="anchor" id="line-32"></span><p class="line867"><hr /><p class="line874"> <span class="anchor" id="line-33"></span><span class="anchor" id="line-34"></span><p class="line867"> <h2 id="Security_checklist">Security checklist</h2> <span class="anchor" id="line-35"></span><span class="anchor" id="line-36"></span><p class="line862">This covers only <em>some</em> aspects of securing a system: <span class="anchor" id="line-37"></span><span class="anchor" id="line-38"></span><ul><li><p class="line862">Read the <a class="https" href="https://www.debian.org/doc/user-manuals#securing">Securing Debian manual</a>. <span class="anchor" id="line-39"></span></li><li><p class="line862">Subscribe to the <a class="https" href="https://lists.debian.org/debian-security-announce/">debian-security-announce</a> mailing list for information on security advisories, and/or the higher traffic <a class="https" href="https://lists.debian.org/debian-security/">debian-security</a> list. <span class="anchor" id="line-40"></span></li><li><p class="line862">Only <a href="/PackageManagement">install software from trusted sources</a>. Use <a href="/SecureApt">SecureApt</a> to validate package signatures. Minimize installed software. <span class="anchor" id="line-41"></span></li><li><p class="line862">Enforce privilege separation using <a href="/UsersAndGroups">Linux users/groups</a>, <a href="/ServiceSandboxing">ServiceSandboxing</a> or <a href="/Virtualization">Virtualization</a> methods. <span class="anchor" id="line-42"></span></li><li><p class="line862">Minimize running software - check for running processes that you do not need (<tt>ps</tt>, <tt>top</tt>, monitoring systems, ...), minimize running <a href="/systemd">services</a>. <span class="anchor" id="line-43"></span></li><li><p class="line862">Use a <a href="/Firewalls">firewall</a> to restrict network access to and from your system. Close any ports that you do not need open. Check for unwanted open ports/services (<tt>ss</tt>, <tt>netstat</tt>...). Disable networking in applications that do not need it. <span class="anchor" id="line-44"></span></li><li><p class="line862">Use strong <a href="/Cryptography">Cryptography</a> (encrypted network protocols). <span class="anchor" id="line-45"></span></li><li><p class="line862">Prevent data loss with a good <a href="/BackupAndRecovery">backup</a> strategy. <span class="anchor" id="line-46"></span></li><li><p class="line862">Increase availability by adding redundancy/failover mechanisms (<a href="/Storage#RAID">RAID</a>, ...). <span class="anchor" id="line-47"></span><span class="anchor" id="line-48"></span></li></ul><p class="line867"> <h3 id="Wiki_pages">Wiki pages</h3> <span class="anchor" id="line-49"></span><span class="anchor" id="line-50"></span><p class="line874">List of pages related to security management in Debian: <span class="anchor" id="line-51"></span><span class="anchor" id="line-52"></span><p class="line867"><div class="searchresults"> <ol start="1"><li><a href="/AppArmor?highlight=%28CategorySystemSecurity%29">AppArmor</a></li><li><a href="/AppArmor/Contribute?highlight=%28CategorySystemSecurity%29">AppArmor/Contribute</a></li><li><a href="/AppArmor/HowToUse?highlight=%28CategorySystemSecurity%29">AppArmor/HowToUse</a></li><li><a href="/AppArmor/Reportbug?highlight=%28CategorySystemSecurity%29">AppArmor/Reportbug</a></li><li><a href="/AppArmor/UserStories?highlight=%28CategorySystemSecurity%29">AppArmor/UserStories</a></li><li><a href="/CategorySystemSecurity?highlight=%28CategorySystemSecurity%29"><strong>CategorySystemSecurity</strong></a></li><li><a href="/CryptoPolicy?highlight=%28CategorySystemSecurity%29">CryptoPolicy</a></li><li><a href="/Cryptography?highlight=%28CategorySystemSecurity%29">Cryptography</a></li><li><a href="/Cryptsetup?highlight=%28CategorySystemSecurity%29">Cryptsetup</a></li><li><a href="/DebianEdu/HowTo/LtspBootchart?action=AttachFile&amp;do=view&amp;target=ltsp-build-client.log-0.82-2-20060309.txt&amp;highlight=%28CategorySystemSecurity%29">DebianEdu/HowTo/LtspBootchart <strong>(ltsp-build-client.log-0.82-2-20060309.txt)</strong></a></li><li><a href="/DebianFirewall?highlight=%28CategorySystemSecurity%29">DebianFirewall</a></li><li><a href="/DebianSecurity/debsecan?highlight=%28CategorySystemSecurity%29">DebianSecurity/debsecan</a></li><li><a href="/Doas?highlight=%28CategorySystemSecurity%29">Doas</a></li><li><a href="/Firewalls?highlight=%28CategorySystemSecurity%29">Firewalls</a></li><li><a href="/OpenPGP?highlight=%28CategorySystemSecurity%29">OpenPGP</a></li><li><a href="/Permissions?highlight=%28CategorySystemSecurity%29">Permissions</a></li><li><a href="/ReleaseGoals/SystemdAnalyzeSecurity?highlight=%28CategorySystemSecurity%29">ReleaseGoals/SystemdAnalyzeSecurity</a></li><li><a href="/Root?highlight=%28CategorySystemSecurity%29">Root</a></li><li><a href="/SELinux?highlight=%28CategorySystemSecurity%29">SELinux</a></li><li><a href="/SSH?highlight=%28CategorySystemSecurity%29">SSH</a></li><li><a href="/SSLkeys?highlight=%28CategorySystemSecurity%29">SSLkeys</a></li><li><a href="/Seahorse?highlight=%28CategorySystemSecurity%29">Seahorse</a></li><li><a href="/SecuringNFS?highlight=%28CategorySystemSecurity%29">SecuringNFS</a></li><li><a href="/SecurityManagement?highlight=%28CategorySystemSecurity%29">SecurityManagement</a></li><li><a href="/SecurityManagement/fingerprint%20authentication?highlight=%28CategorySystemSecurity%29">SecurityManagement/fingerprint authentication</a></li><li><a href="/Self-Signed_Certificate?highlight=%28CategorySystemSecurity%29">Self-Signed_Certificate</a></li><li><a href="/ServiceSandboxing?highlight=%28CategorySystemSecurity%29">ServiceSandboxing</a></li><li><a href="/Sprints/2016/DebianCloudNov2016?action=AttachFile&amp;do=view&amp;target=Minutes.txt&amp;highlight=%28CategorySystemSecurity%29">Sprints/2016/DebianCloudNov2016 <strong>(Minutes.txt)</strong></a></li><li><a href="/SystemGroups?highlight=%28CategorySystemSecurity%29">SystemGroups</a></li><li><a href="/UntrustedDebs?highlight=%28CategorySystemSecurity%29">UntrustedDebs</a></li><li><a href="/UserAccounts?highlight=%28CategorySystemSecurity%29">UserAccounts</a></li><li><a href="/UserPrivateGroups?highlight=%28CategorySystemSecurity%29">UserPrivateGroups</a></li><li><a href="/UsersAndGroups?highlight=%28CategorySystemSecurity%29">UsersAndGroups</a></li><li><a href="/UsingSCAP?highlight=%28CategorySystemSecurity%29">UsingSCAP</a></li><li><a href="/WHEEL/PAM?highlight=%28CategorySystemSecurity%29">WHEEL/PAM</a></li><li><a href="/pamusb?highlight=%28CategorySystemSecurity%29">pamusb</a></li><li><a href="/sudo?highlight=%28CategorySystemSecurity%29">sudo</a></li><li><a href="/suricata?highlight=%28CategorySystemSecurity%29">suricata</a></li><li><a href="/zh_CN/AppArmor/HowToUse?highlight=%28CategorySystemSecurity%29">zh_CN/AppArmor/HowToUse</a></li></ol> </div> <span class="anchor" id="line-53"></span><span class="anchor" id="line-54"></span><p class="line867"><hr /><p class="line874"> <span class="anchor" id="line-55"></span><span class="anchor" id="line-56"></span><p class="line867"><a href="/CategoryPortal">CategoryPortal</a> | <a href="/CategorySystemAdministration">CategorySystemAdministration</a> | <a href="/CategorySystemSecurity">CategorySystemSecurity</a> | <a href="/CategoryNetwork"><strong class="highlight">CategoryNetwork</strong></a> | <a href="/FixMe">FixMe</a> <span class="anchor" id="line-57"></span><span class="anchor" id="bottom"></span></div><div id="pagebottom"></div> </div> <div id="footer"> <p id="pageinfo" class="info" lang="en" dir="ltr">SecurityManagement (<a class="nbinfo" href="/SecurityManagement?action=info" rel="nofollow">last modified 2025-01-03 11:44:34</a>)</p> <ul id="credits"> <li>Debian <a href="https://www.debian.org/legal/privacy">privacy policy</a>, Wiki <a href="/Teams/DebianWiki">team</a>, <a href="https://bugs.debian.org/wiki.debian.org">bugs</a> and <a href="https://salsa.debian.org/debian/wiki.debian.org">config</a>.</li><li>Powered by <a href="https://moinmo.in/" title="This site uses the MoinMoin Wiki software.">MoinMoin</a> and <a href="https://moinmo.in/Python" title="MoinMoin is written in Python.">Python</a>, with hosting provided by <a href="https://www.man-da.de/">Metropolitan Area Network Darmstadt</a>.</li> </ul> </div> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10